[RFC PATCH 4/8] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent
UPDATE_DATA takes the VM's file descriptor, a guest memory region to be encrypted, as well as the size of the aforementioned guest memory region. If this API ioctl call fails, fw_error will be set accordingly. Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 31 ++- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 49be072cbc..615021a1a3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -715,29 +715,6 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } -static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) -{ -int ret, fw_error; -struct kvm_sev_launch_update_data update; - -if (!addr || !len) { -return 1; -} - -update.uaddr = (__u64)(unsigned long)addr; -update.len = len; -trace_kvm_sev_launch_update_data(addr, len); -ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, -&update, &fw_error); -if (ret) { -error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", -__func__, ret, fw_error, fw_error_to_str(fw_error)); -} - -return ret; -} - static int sev_launch_update_vmsa(SevGuestState *sev) { @@ -1009,15 +986,19 @@ out: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { +KVMState *s = kvm_state; +int fw_error; + if (!sev_guest) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { -int ret = sev_launch_update_data(sev_guest, ptr, len); +int ret = sev_launch_update_data(s->vmfd, (__u64) ptr, len, &fw_error); if (ret < 0) { -error_setg(errp, "SEV: Failed to encrypt pflash rom"); +error_setg(errp, "SEV: Failed to encrypt pflash rom fw_err=%d", + fw_error); return ret; } } -- 2.40.1
[RFC PATCH 4/8] i386/sev: Replace UPDATE_DATA ioctl with sev library equivalent
UPDATE_DATA takes the VM's file descriptor, a guest memory region to be encrypted, as well as the size of the aforementioned guest memory region. If this API ioctl call fails, fw_error will be set accordingly. Signed-off-by: Tyler Fanelli --- target/i386/sev.c | 31 ++- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 49be072cbc..615021a1a3 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -715,29 +715,6 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } -static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) -{ -int ret, fw_error; -struct kvm_sev_launch_update_data update; - -if (!addr || !len) { -return 1; -} - -update.uaddr = (__u64)(unsigned long)addr; -update.len = len; -trace_kvm_sev_launch_update_data(addr, len); -ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, -&update, &fw_error); -if (ret) { -error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", -__func__, ret, fw_error, fw_error_to_str(fw_error)); -} - -return ret; -} - static int sev_launch_update_vmsa(SevGuestState *sev) { @@ -1009,15 +986,19 @@ out: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { +KVMState *s = kvm_state; +int fw_error; + if (!sev_guest) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { -int ret = sev_launch_update_data(sev_guest, ptr, len); +int ret = sev_launch_update_data(s->vmfd, (__u64) ptr, len, &fw_error); if (ret < 0) { -error_setg(errp, "SEV: Failed to encrypt pflash rom"); +error_setg(errp, "SEV: Failed to encrypt pflash rom fw_err=%d", + fw_error); return ret; } } -- 2.40.1